Hacking C++ question
Author
Hi all,
I had a lecture once where we were shown how to access the private (well any) members of a class, change all its vtable etc. without touching the class source code. Trouble is I can''t remember how it was done. He also showed how to turn a singleton into a multiton and back again without touching the singleton objects source.
All of it was perfectly legal C++.
Anyone have any ideas on how this is done? I know there is no valid reason why you would want to do it but it just interested me. I''m a C++ programmer and I love finding out all the flaws in the C++ design.
Thanks
You can do pretty much anything with pointer manipulation.
Two points:
1) C++ isn''t supposed to offer protection against people deliberately doing this so it isn''t really a ''flaw''. C++ access mechanisms are merely to prevent accidental manipulation of data.
2) It depends on what you define as ''legal''. Things like this that work on one implementation may not work on another, for example: Different C++ implementations may place the vtable in different locations. It may be ''legal'' as in it compiles and runs (on a certain platform, with a certain compiler) but it wouldn''t be considered ''good'' or portable code.
Two points:
1) C++ isn''t supposed to offer protection against people deliberately doing this so it isn''t really a ''flaw''. C++ access mechanisms are merely to prevent accidental manipulation of data.
2) It depends on what you define as ''legal''. Things like this that work on one implementation may not work on another, for example: Different C++ implementations may place the vtable in different locations. It may be ''legal'' as in it compiles and runs (on a certain platform, with a certain compiler) but it wouldn''t be considered ''good'' or portable code.
Just do something like
#define private public#define protected public#include "class.h"#undef protected#undef private #include <iostream>using namespace std;class s{public:s(){h = 123456;}private: int l; int h;};int main(){s cla;int *j = ((int *)&cla)+1;cout << *j << endl;*j = 0; return 0;}Why is this a flaw?
Remember that all the keywords like const private protected are there to help you avoid unnecessary bugs.
quote:Original post by stew
Hi all,
I had a lecture once where we were shown how to access the private (well any) members of a class, change all its vtable etc. without touching the class source code. Trouble is I can''t remember how it was done. He also showed how to turn a singleton into a multiton and back again without touching the singleton objects source.
All of it was perfectly legal C++.
Anyone have any ideas on how this is done? I know there is no valid reason why you would want to do it but it just interested me. I''m a C++ programmer and I love finding out all the flaws in the C++ design.
Thanks
You can do all sorts of "mucked" up things in C++. One of my favorites it to have a function hi-jack it''s return pointer. Use a stack-allocated variable as an offset and you can walk backwards down the stack just enough to overwrite the return pointer. Something like:
void f();void g(){ int x; *(x+6) = &f;} The sign and value of the offset will vary based on the calling convention and architecture, but it''s funny to see. Any language that allows pointers will have problems like this.
Another thing you can do is change the public and private keywords in a header file for a pre-compiled library. You can make it all public if you want.
Anyways...
I fail to see why these are problems.
The only way this could be a problem is if you''re dealing with a programmer with sub-par intelligence.
The only way this could be a problem is if you''re dealing with a programmer with sub-par intelligence.
quote:Original post by Extrarius
Just do something like#define private public#define protected public#include "class.h"#undef protected#undef private
two things come to mind:
-"without touching the class source code"
youre doing exactly that, no matter if you do it directly or indirectly
-try to access bla with your trick:
class X {
int bla;
public:
...
}
Its not editing the source files, which is what I took it to mean, and I very rarely see classes that don't explicitly use plublic/private/protected. If you're going to say its editing the source, then the only other option(afaik) is pointer manipulation which varies depending on compiler (or at least, the order in which the member variables are stored in ram, any alignment settings in place, where the virtual table is and how large it is, and probably a few other things as well)
[edited by - Extrarius on August 6, 2003 11:19:51 AM]
[edited by - Extrarius on August 6, 2003 11:19:51 AM]
quote:Original post by Extrarius
Its not editing the source files, which is what I took it to mean, and I very rarely see classes that don''t explicitly use plublic/private/protected.
Your code is, however, illegal. The C++ standard explicitly forbids built-in keywords from being #defined.
Here''s a sneaky way that is legal C++, works on all compliant compilers, and doesn''t assume anything about memory layout (which is non-portable):
suppose you have this class:
class C{public: template<typename T> void Func(T arg) { ... }private: int cantTouchThis;};Then your own code can evilly exploit explicit template instantiation as shown:
class Dummy {};template<> void Func<Dummy>(Dummy arg){ cantTouchThis = 12345;}And then just call Func with a Dummy argument to run the code as a priveleged function.
How appropriate. You fight like a cow.
quote:Original post by daerid
I fail to see why these are problems.
The only way this could be a problem is if you''re dealing with a programmer with sub-par intelligence.
As a programmer, I am always dealing with sub-par intelligence
/*Joe DiMichele
C/C++/VB Programmer, A+ Certified Technician
AIM:Krawling Khaos, ICQ:332871787
joedimichele@hotmail.com
oderint dum metuant
Excuse my spelling, programmers can''t spel*/
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement